Mailing List Archive

Strange VPDN Multihop Behaviour
We have a Cisco7206 acting as a LAC for PPPoE sessions coming from an
Ethernet based DSLAM. We've had a number of issues with regards to
Cisco's broken VLAN range implementation, but now we have a VERY
strange situation.

We have the router set up to tunnel all customers with the @mnsi.net
suffix. It seems to be working - sometimes.

2 customers for some reason are authenticating locally, despite the
fact that we have the tunneling configured. Other customers are
tunneling just fine. It's very odd, but repeatable. We don't know
what PPPoE client software the customers are running. I'm really not
sure what could cause a customer's client software to force the
router to authenticate them locally rather than tunneling.

Here are most of the relevant pieces of info:

We're running Version 12.4(15)T1

vpdn-group tunnel
 request-dialin
  protocol l2tp
  domain mnsi.net
 initiate-to ip 216.8.XXX.XXX
 initiate-to ip 216.8.XXX.XXX
 local name lns1
 l2tp tunnel password 7 XXXXXXXXXXXXXXXXX
 l2tp tunnel receive-window 1024

bba-group pppoe global
 virtual-template 1
 service profile PPPoE
 vendor-tag circuit-id service
 sessions max limit 5000
 ac name lns1
 sessions per-vc limit 5
 sessions per-mac limit 2
 sessions auto cleanup

interface Virtual-Template1
 mtu 1492
 ip unnumbered Loopback0
 ip load-sharing per-packet
 no logging event link-status
 load-interval 30
 peer default ip address pool dynamic1
 ppp authentication pap ppp_local
 ppp authorization ppp_local
 ppp ipcp dns 216.8.XXX.XXX 216.8.XXX.XXX

aaa authentication login default line
aaa authentication enable default enable
aaa authentication ppp default group radius
aaa authentication ppp ppp_local group radius
aaa authorization network default local
aaa authorization network ppp_local group radius
aaa accounting delay-start
aaa accounting network default start-stop group radius



---
Clayton Zekelman
Managed Network Systems Inc. (MNSi)
344-300 Tecumseh Rd. E.
Windsor, Ontario
N8X 5E8

tel. 519-985-8410
fax. 519-985-8409

_______________________________________________
cisco-bba mailing list
cisco-bba@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-bba

Re: Strange VPDN Multihop Behaviour
Have you tried sniffing the initial PPPoE connection and/or turning on debug
on the router to see if there's something you can compare/contrast with
other, working connections? If so, can you post them on a page for us to
compare?

Frank

P.S. take care when using debug -- make sure to set the appropriate
conditions!

-----Original Message-----
From: cisco-bba-bounces@puck.nether.net
[mailto:cisco-bba-bounces@puck.nether.net] On Behalf Of Clayton Zekelman
Sent: Tuesday, October 30, 2007 9:42 AM
To: cisco-bba@puck.nether.net
Subject: [cisco-bba] Strange VPDN Multihop Behaviour


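
Added example (not part of either post, and not Cisco code): one way to act on the suggestion to sniff the initial PPPoE connection. Because the Virtual-Template authenticates with PAP and the vpdn-group selects on the domain, this pulls the PAP Peer-ID out of a captured PPPoE session frame so the exact username bytes from a working client and a locally authenticated client can be compared. The function names and sample frames are constructed for illustration, and the comparison does not model how IOS matches the domain.

```python
import struct

ETH_8021Q, ETH_PPPOE_SESSION = 0x8100, 0x8864   # RFC 2516 session stage
PPP_PAP, PAP_AUTH_REQUEST = 0xC023, 1           # RFC 1334

def pap_peer_id(frame: bytes):
    """Return the raw PAP Peer-ID from a PPPoE session frame, or None."""
    if len(frame) < 14:
        return None
    off = 12
    (ethertype,) = struct.unpack_from("!H", frame, off)
    off += 2
    while ethertype == ETH_8021Q:                # skip 802.1Q tag(s) from the DSLAM
        if len(frame) < off + 4:
            return None
        (ethertype,) = struct.unpack_from("!H", frame, off + 2)
        off += 4
    if ethertype != ETH_PPPOE_SESSION or len(frame) < off + 8:
        return None
    ver_type, code, _sid, plen, proto = struct.unpack_from("!BBHHH", frame, off)
    if ver_type != 0x11 or code != 0 or proto != PPP_PAP:
        return None
    pap = frame[off + 8 : off + 6 + plen]        # PPPoE length includes the PPP protocol field
    if len(pap) < 5 or pap[0] != PAP_AUTH_REQUEST or len(pap) < 5 + pap[4]:
        return None
    return pap[5 : 5 + pap[4]]                   # the password field is never read

def compare_to_domain(peer_id: bytes, domain: str = "mnsi.net"):
    """Byte-for-byte comparison with the vpdn-group domain; does not model IOS matching."""
    _, at, suffix = peer_id.decode("latin-1").rpartition("@")
    return {"raw": peer_id,
            "suffix": suffix if at else None,
            "exact": bool(at) and suffix == domain,
            "after_strip_lower": bool(at) and suffix.strip().lower() == domain}

def build_sample(user: bytes, vlan=None):
    """Constructed test frame: PAP Authenticate-Request inside PPPoE, dummy MACs/password."""
    body = bytes([len(user)]) + user + b"\x01x"
    pap = struct.pack("!BBH", PAP_AUTH_REQUEST, 1, 4 + len(body)) + body
    tag = struct.pack("!HH", ETH_8021Q, vlan) if vlan is not None else b""
    return (bytes(12) + tag + struct.pack("!HBBHHH", ETH_PPPOE_SESSION, 0x11, 0, 1,
                                          2 + len(pap), PPP_PAP) + pap)

if __name__ == "__main__":
    for user, vlan in [(b"alice@mnsi.net", None), (b"bob@MNSI.net ", 100)]:
        print(compare_to_domain(pap_peer_id(build_sample(user, vlan))))
```

A Peer-ID whose "exact" field is false while "after_strip_lower" is true differs from the configured domain only in case or surrounding whitespace, which is worth lining up against the router's debug output for the same session.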